gpt4 book ai didi

java - 如何捕获 AuthenticationProvider 抛出的正确异常?

转载 作者:行者123 更新时间:2023-12-02 09:34:47 26 4
gpt4 key购买 nike

我正在我的应用程序中实现自定义身份验证提供程序。在我的提供程序中,我根据情况抛出不同的异常和不同的消息。请看我的代码:

@Component
public class MyLdapAuthenticationProvider implements AuthenticationProvider {

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {

// Connect to LDAP - throw ConnectionException if the LDAP server is unreachable

// Authenticate

// Worng username or password, throw BadCredentialsException("Incorrect username or password.")

// Not enough right to use my app, throw BadCredentialsException("This user is not allowed to use the service.");
}

@Override
public boolean supports(Class<?> authentication) {
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
}
}

为了捕获这些异常,我实现了 CustomAuthenticationEntryPoint ,像这样:

@Component
public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {

private final HandlerExceptionResolver resolver;

@Autowired
public CustomAuthenticationEntryPoint(@Qualifier("handlerExceptionResolver") HandlerExceptionResolver resolver) {
this.resolver = resolver;
}

@Override
public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) {
resolver.resolveException(httpServletRequest, httpServletResponse, null, e);
}
}

如您所见,我解决了该异常,以便可以在我的 @RestControllerAdvice 中再次捕获它。 (我想集中异常处理)。

我的问题是 commence CustomAuthenticationEntryPoint的方法将所有异常变成 AuthenticationException 。无论我在身份验证提供程序中抛出什么异常,我得到的始终是带有固定消息的身份验证异常:

Full authentication is required to access this resource

总之,我可以捕获从 AuthenticationProvider 抛出的异常。 ,但不是正确的。

我的问题:如何捕获从 AuthenticationProvider 抛出的正确异常?

最佳答案

我解决这个问题的方法是在 CorsFilter 之前添加一个新的 Filter:

在我的 SecurityConfigurer 类上:

@Override
protected void configure(HttpSecurity http) throws Exception {

http
.addFilterBefore(new ExceptionFilter(exceptionHandler), CorsFilter.class)
.....
}

ExceptionFiler 类:

public class ExceptionFilter extends OncePerRequestFilter {

private HandlerExceptionResolver resolver;

public ExceptionFilter(HandlerExceptionResolver resolver) {
this.resolver = resolver;
}

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
try {
filterChain.doFilter(request, response);
} catch (Exception ex) {
LOG.error("An exception has been thrown by one of the filters: ", ex);
ResponseEntity<Object> error;
if (ex instanceof ConnectionException) {
error = resolver.handleConnectionException(ex);
} else if (ex instanceof BadCredentialsException) {
error = resolver.handleBadCredentialsException(ex);
} else {
error = resolver.handleGenericException(ex);
}

response.setStatus(error.getStatusCode().value());
response.getWriter().write(error.getBody().toString());
}
}

}

您可以尝试使用 if 语句、catch 子句等,但您已经明白了。

关于java - 如何捕获 AuthenticationProvider 抛出的正确异常?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57624904/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com